www.ath.co.com
52.70.186.218
Malicious Activity!
Public Scan
Submission: On August 18 via manual from CO — Scanned from DE
Summary
TLS certificate: Issued by ZeroSSL RSA Domain Secure Site CA on August 16th 2022. Valid for: 3 months.
This is the only time www.ath.co.com was scanned on urlscan.io!
urlscan.io Verdict: Potentially Malicious
Targeting these brands: Microsoft (Consumer)
Domain & IP information
Requests | IP Address | AS (Autonomous System)
---|---|---
10 | 52.70.186.218 | 14618 (AMAZON-AES)
1 | 2a00:1450:4001:80f::200a | 15169 (GOOGLE)
2 | 2606:4700::6811:180e | 13335 (CLOUDFLARENET)
1 | 2a00:1450:4001:812::200a | 15169 (GOOGLE)
1 | 2a00:1450:4001:812::2003 | 15169 (GOOGLE)
15 requests in total across 5 IP addresses.
Primary IP 52.70.186.218: ASN14618 (AMAZON-AES, US); PTR: ec2-52-70-186-218.compute-1.amazonaws.com; domains resolving to it: www.ath.co.com, ath.co.com.
Requests | Apex Domain | Subdomains | Transfer
---|---|---|---
10 | co.com | www.ath.co.com, ath.co.com | 121 KB
2 | cloudflare.com | cdnjs.cloudflare.com (Cisco Umbrella Rank: 219) | 47 KB
2 | googleapis.com | ajax.googleapis.com (Cisco Umbrella Rank: 286), fonts.googleapis.com (Cisco Umbrella Rank: 54) | 32 KB
1 | gstatic.com | fonts.gstatic.com | 17 KB
15 requests in total across 4 apex domains.
Requests | Domain | Requested by
---|---|---
9 | ath.co.com | www.ath.co.com
2 | cdnjs.cloudflare.com | www.ath.co.com
1 | fonts.gstatic.com | fonts.googleapis.com
1 | fonts.googleapis.com | ath.co.com
1 | ajax.googleapis.com | www.ath.co.com
1 | www.ath.co.com | (primary request)
15 requests in total across 6 domains.
This site contains links to these domains. Also see Links.
- www.grupoaval.com
- signup.live.com
- account.microsoft.com
- ath.co.com
Subject | Issuer | Validity | Valid for | Source
---|---|---|---|---
www.ath.co.com | ZeroSSL RSA Domain Secure Site CA | 2022-08-16 to 2022-11-14 | 3 months | crt.sh
ath.co.com | R3 | 2022-08-16 to 2022-11-14 | 3 months | crt.sh
upload.video.google.com | GTS CA 1C3 | 2022-08-01 to 2022-10-24 | 3 months | crt.sh
sni.cloudflaressl.com | Cloudflare Inc ECC CA-3 | 2022-08-03 to 2023-08-02 | a year | crt.sh
*.gstatic.com | GTS CA 1C3 | 2022-07-18 to 2022-10-10 | 3 months | crt.sh
This page contains 1 frame:
Primary Page:
https://www.ath.co.com/?rid=LUxrGLs
Frame ID: 3C27CB2E984AB234E77AD42E5DF754F3
Requests: 15 HTTP requests in this frame
Page Title: Aplicación de Enrutamiento (Spanish: "Routing Application")
Detected technologies
Bootstrap (Web Frameworks)
Detected patterns
- `bootstrap(?:[^>]*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)[^>]*?(?:\.min)?\.js`
jQuery (JavaScript Libraries)
Detected patterns
- `jquery[.-]([\d.]*\d)[^/]*\.js`
- `/([\d.]+)/jquery(?:\.min)?\.js`
- `jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?`
Page Statistics
4 Outgoing links
These are links going to different origins than the main page.
- Title: Política de Tratamiento de Datos Personales (Spanish: "Personal Data Processing Policy")
- Title: Can’t access your account?
- Title: Sign-in options
- Title: Forgot password?
Redirected requests
There were HTTP redirect chains for the following requests:
15 HTTP transactions
Method | Protocol | Resource | Path | Size | Transferred | Type | MIME-Type
---|---|---|---|---|---|---|---
GET | HTTP/2 | / (Primary Request) | www.ath.co.com/ | 8 KB | 3 KB | Document | text/html
GET | HTTP/1.1 | style1.css | ath.co.com/data_cap/assets/css/ | 1 KB | 888 B | Stylesheet | text/css
GET | HTTP/2 | jquery.min.js | ajax.googleapis.com/ajax/libs/jquery/3.6.0/ | 87 KB | 31 KB | Script | text/javascript
GET | HTTP/1.1 | main.js | ath.co.com/data_cap/assets/js/ | 3 KB | 1 KB | Script | application/javascript
GET | HTTP/1.1 | aval.png | ath.co.com/data_cap/Aplicaci%C3%B3n%20de%20Enrutamiento_files/ | 33 KB | 34 KB | Image | image/png
GET | HTTP/1.1 | logologin.png | ath.co.com/data_cap/Aplicaci%C3%B3n%20de%20Enrutamiento_files/ | 6 KB | 6 KB | Image | image/png
GET | HTTP/1.1 | bancos_grupo.png | ath.co.com/data_cap/Aplicaci%C3%B3n%20de%20Enrutamiento_files/ | 7 KB | 7 KB | Image | image/png
GET | HTTP/1.1 | image.jpg | ath.co.com/data_cap/Signin_files/ | 33 KB | 34 KB | Image | image/jpeg
GET | HTTP/1.1 | jquery-3.js | ath.co.com/data_cap/Signin_files/ | 87 KB | 31 KB | Script | application/javascript
GET | HTTP/1.1 | microsoft_logo.svg | ath.co.com/data_cap/assets/img/ | 4 KB | 4 KB | Image | image/svg+xml
GET | HTTP/2 | jquery.min.js | cdnjs.cloudflare.com/ajax/libs/jquery/3.5.1/ | 87 KB | 28 KB | Script | application/javascript
GET | HTTP/2 | bootstrap.bundle.min.js | cdnjs.cloudflare.com/ajax/libs/twitter-bootstrap/4.5.0/js/ | 79 KB | 19 KB | Script | application/javascript
GET | HTTP/1.1 | script.min.js | ath.co.com/data_cap/assets/js/ | 3 KB | 1 KB | Script | application/javascript
GET | HTTP/2 | css | fonts.googleapis.com/ | 3 KB | 1 KB | Stylesheet | text/css
GET | HTTP/2 | memSYaGs126MiZpBA-UvWbX2vVnXBbObj2OVZyOOSr4dVJWUgsjZ0B4gaVI.woff2 | fonts.gstatic.com/s/opensans/v34/ | 16 KB | 17 KB | Font | font/woff2
Verdicts & Comments
Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!
urlscan
Phishing against: Microsoft (Consumer)
19 JavaScript Global Variables
These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.
Name | Type
---|---
oncontextlost | object
oncontextrestored | object
structuredClone | function
launchQueue | object
onbeforematch | object
getScreenDetails | function
queryLocalFonts | function
navigation | object
$ | function
jQuery | function
nextPage2 | function
nextPage3 | function
$inputs | object
bootstrap | object
validateEmail | function
validate | function
validatePassword | function
input1 | object
input20 | object
Cookies
Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.
Indicators
This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.
ajax.googleapis.com
ath.co.com
cdnjs.cloudflare.com
fonts.googleapis.com
fonts.gstatic.com
www.ath.co.com
2606:4700::6811:180e
2a00:1450:4001:80f::200a
2a00:1450:4001:812::2003
2a00:1450:4001:812::200a
52.70.186.218